[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[ https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847418#comment-17847418 ] Tamas Cservenak commented on MGPG-92: - True, in case of HW device BouncyCastle signer will not help. Am not quite educated with HW keys, could you maybe provide a PR or at least a "hint" what should be modified to make it work for you? > `--pinentry-mode error` cannot be used with gpg-agent "extra" socket > > > Key: MGPG-92 > URL: https://issues.apache.org/jira/browse/MGPG-92 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Nick Dimiduk >Priority: Major > > Over on HBASE-27312, we found an issue in our release automation, which > relies on using this plugin and a GnuPG agent for performing builds inside of > an isolated environment. With GPG version >= 2.1, the plugin will make use of > {{--pinentry-mode error}}. This feature appears to not be available using the > "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket, > which probably exposes more gpg features to the isolated environment than we > would like. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[ https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17847338#comment-17847338 ] Nick Dimiduk commented on MGPG-92: -- I may be mistaken, but I think this is not possible when the signing material is stored on a hardware device. In this case, there is no password that can be provided, and the only option is forwarding the agent. Anyway, this use-case where this came up is not an "isolated" environment, though it is jumping through several hoops in order to sign in a container process running in a VM on the localhost (i.e., Docker Desktop + MacOS). > `--pinentry-mode error` cannot be used with gpg-agent "extra" socket > > > Key: MGPG-92 > URL: https://issues.apache.org/jira/browse/MGPG-92 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Nick Dimiduk >Priority: Major > > Over on HBASE-27312, we found an issue in our release automation, which > relies on using this plugin and a GnuPG agent for performing builds inside of > an isolated environment. With GPG version >= 2.1, the plugin will make use of > {{--pinentry-mode error}}. This feature appears to not be available using the > "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket, > which probably exposes more gpg features to the isolated environment than we > would like. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-92) `--pinentry-mode error` cannot be used with gpg-agent "extra" socket
[ https://issues.apache.org/jira/browse/MGPG-92?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823306#comment-17823306 ] Tamas Cservenak commented on MGPG-92: - In isolated environment the "bc" signer is recommended, without hoops and loops (and provide key and passphrase as env values). > `--pinentry-mode error` cannot be used with gpg-agent "extra" socket > > > Key: MGPG-92 > URL: https://issues.apache.org/jira/browse/MGPG-92 > Project: Maven GPG Plugin > Issue Type: Bug >Reporter: Nick Dimiduk >Priority: Major > > Over on HBASE-27312, we found an issue in our release automation, which > relies on using this plugin and a GnuPG agent for performing builds inside of > an isolated environment. With GPG version >= 2.1, the plugin will make use of > {{--pinentry-mode error}}. This feature appears to not be available using the > "extra" gpg-agent socket. We had to "upgrade" to using the "standard" socket, > which probably exposes more gpg features to the isolated environment than we > would like. -- This message was sent by Atlassian Jira (v8.20.10#820010)